Sunday, 9 December 2012

In the news this week was the possible demise, due to bad wether this year of Grey Partridges and Turtle doves. The Daily Telegraph contribution to this sad conservation story was an article and then in the Sunday Telegraph Stella colour supplement a recipe for "Roast partridge with red wine and juniper berries".

Tuesday, 4 December 2012

Moving house is a good time to have a life laundry, dump some of the junk, refresh the wall pictures and generally move on in life. When moving locally (less than a mile) one thing you don't expect to loose is the phone number you've had for 12 years.

Kevin and his house moving crew packed up our world into boxes, into his van and down the road. We had triaged the clutter into move, charity shop and dump boxes to get started on the stuff reduction but there was still a big pile of things to move. Remember when reducing clutter with a partner that "My Junk is Stuff but your Stuff is Junk."

All Sky UK TV had to do was move a landline phone number from one external line to another within the same exchange code. To be fair Sky made the moving process easy, click on a few buttons and fill a few forms, wait a few days, then the broadband, phone, satellite services were moved. They even had a land line and dish install guy come round to check the service. Unfortunately the phone service was assigned with a new number.

The other half is way more organised than I am and had sticky labels and stationary prepared and was already half way down the long list of organisations to contact with the new address. I did not help by saying I liked the new number that does have a glow to it being a bracketed palindrome.

A call to Sky customer service provided no explanation other than "The customer service rep should have told you when you placed the order." I have a sneaking suspicion that this is a business process failure somewhere between Sky and BT Openreach who control the exchange lines.

Anyway that really does not cut it, no technical or service explanation for what will be a lot of unnecessary hassle and inconvenience. The impact of this on Sky ? Everyone of our 250 closest friends and family gets to hear the story.

Lets put this down to a Skyfail. Cue the music Adel .... the thin lady sings.

Saturday, 15 September 2012

The Tour of Britain flew through Bideford in Devon this Saturday. On the way from Barnstaple to Dartmouth. Managed to grab a couple of photos as they flew by on the way to the first sprint at Torrington. The weather was great, sunny and clear with just the hint of autumnal morning chill.

Friday, 3 August 2012

On holiday in mid France down near Cognac for a couple of weeks, escaping the big Olympics show going on in London. Having a good time with the family staying in a villa found on Owners Direct in mid France down near Cognac. The weather has been a bit mixed but always better than UK. Have got out into the countryside on trusty bike mapped of course by Runtastic. Have been doing about 15 to 20 miles a day in the later afternoon. As with most exercise the more you do, the easier it gets.

I have to say that I am not worried about the state of French agriculture as it's a hive of activity round here just now. There are miles and miles of sunflowers, wheat, sweetcorn and vines tended by the usual collection of tractors combines and surly looking farm hands.

As expected the cheese, fresh crusty bread and wine are as tasty as ever. The bread has the shelf life of less than a day so regular trips to the local Boulangerie are in order. For the wine, as someone who tries to find the twin attributes of cheep and good but likes a selection of different reds to try, the sweet spot is the "Expert Club" selections available at

The bottle branding is consistent with the Expert club logo at the top of the label and on cork/bung. The range covers loads of interesting wine regions, Burgundy, Bordeaux, Bergerac, Medoc, Cotes du Rhone, Beaujolais-Villages, Saumur and many others. A personal favourite is The Lussac Saint-Emilion at about 6 Euros a real bargain for a quality wine.

We had special dinner at a local country house that offered Chamber d' hotes and the "Come dine with us" style Table d' hotes. The menu was unknown but turned out to be bacon wrapped fig and apricot as a starter followed by roast duck with wine and Balsamic reduction. A cheese round followed and then to wrap choc cake with Strawberry and vanilla glop with Coffee or Tea. All for a very reasonable 30 Euros in a classic French 1880 country house setting. If your over this way check in overnight with Will and Liz at the Manoir Souhait in Gourvillette.

And finally, got to love it when a country lives up to it's own stereotypes. In this wrestling poster the usual display of fighting characters are shown including "Surly Pierre" the Maitre d' of your worst nightmares :-)

Monday, 30 July 2012

Being in the tech support business I like to follow how technical issues are examined and resolved. With the advent of support forums this is often done in public where kind hearted techies try to assist general folks while the Ingnorarity whine "Vendor x should just fix this." or mutter vague unsubstantiated threats of "I will never buy Y again because of this issue."

The best type of issue to observe is the type with

Random and conflicting symptoms,

Tied to a "feature" introduced in some basic piece of infrastructure that everyone either ignores or just does not know about.

The failures can be bypassed but cause ongoing annoyance and concern.

Apple OSX is currently struggling with one such issue handling web site security certificates. I have seen this one myself on an up to date MacBook Pro laptop. Websites that need to be trusted (banking, paypal etc) barf certificate error messages and the AppStore gives "Connection error" when trying to update software even though iTunes store logs in correctly with the same AppleID.

Some background information on Website certificates

Website certificates are part of the trust mechanism that tries to ensure that the website your talking to is the actual website and when talking to that secure website, no one snooping can see what your talking about. Without going too deep on this, trust certificates are built into programs and websites which are then used to set up and validate secure end to end connections. Most peoples experience of these infrastructure operations extends to seeing the "S" in a secure web address such as httpS://www.xyz.com. See this for yourself go to www.ebay.com and click login. The webpage address at the top of the page changes to https://signin.ebay.com/... In the background an encrypted secure SSL connection is set up and used to pass the login details and password to the website using encryption. Anyone listening into your data conversations would see the connection to the websites being made but are not be able to read the user names and password as they are passed to the website.

The SSL connection and website certificates mechanisms are based on a public/private key crypto system. This system works on the basis that if you encrypt information using a publicly available key, that information cannot then be decoded unless you have the private key. The public keys are distributed freely to programs that need to send information but the private "Decode" keys are held safe at the receiving organisation. Anyone intercepting the message may know the public key and the encoding mechanism but will not be able to read the message without the companies private key. Think of a special padlock with two keys. One key can only lock the padlock and the other can unlock. The padlock and the locking key is freely distributed but the unlock key is held securely. Using this special padlock, goods can be secured in transit. The trust certificates ensure that your are getting the public key from the correct organisation and not another pretending to be the receiving organisation.

Part of the trust certificate system is a mechanism to revoke and cancel certificates that have been stolen or broken. Amazingly this revocation system was not implemented in some operating systems certificate handling code until recently. Full use of both certificates and the revocation mechanismhas long been a requirement of even mildly secure internet security protocols. Recent break-ins to organisations that really should know better has reenforced the need for both secure certificates and a revocation mechanism. Read more about CRLs and OCSP to get a view on how some of this technology works.

Apple's certificate problem

When browsing and trying to login to sites that use the above httpS mechanism would sometimes get an error message similar to "This certificate was signed by an untrusted user." Looking at the Safari activity window a similar message is seen. In this example the site certificate https://www.paypalobjects.com/ that was issued by Verisign does not work correctly. The web page behind showed with the correct details from Paypal but the graphics from www.paypalobjects.com missing.

This problem also shows up when using the Appstore to get software updates. After selecting an update, an Apple_ID login box appears. Logging in using the same credentials that work correctly for iTunes gives the cryptic error message "Connection failed." The problem seems to have first shown up in the recent OSX 10.7.4 update.

This is a type insidious error that causes a loss of trust in both the platform being used and the apparent "security" of the internet for Mac users. Having to bypass bogus certificate errors on a regular basis trains users to ignore the unusual and vastly increases the chances of accepting a hostile or correctly revoked certificate.

Looking at the Apple forum entries on this issue, amongst the normal forum noise and confusion, the following suggestions can be seen:

This is a system clock issue: True, if set a long way out, can cause certificate to appear as expired when they are not. This does not cover the "invalid issuer" messages that are at the heart of the issue.

This is an ocspd issue: Kind of in the right area, it is a certificates problem. However the suggestion that followed to change the preferences in Keychain application to switch off the certificate revocation mechanisms CRL and OCSP. This is madness do not do this. This is the sort of Doh! advice that goes alongside "Never forget where your car keys are by leaving them in the car."

The normal setting for the above items are "Best Attempt".

What fixed it for me

Looking down the posts the following entries by Apple forum user quickSti
fixed it for me and others. It did take about 10 minutes poking into the unfamilier Keychain application but has fixed the web site certificate ( invalid issuer ) error and I can now login to the AppStore.

I solved this on my wife's computer by resetting the security certificate settings. This might help others:

Close all (Safari) windows.

Application -> Utilities -> Keychain Access -> click on System Roots on the left, and then click on Certifcates on the bottom left.

Check to see if any of the certificates on the right have the blue "+" symbol - this means they have custom trust settings.

There is a bug in changing the policies, so you'll have to change them via the method below. Changing them just by changing the access to "system defaults" doesn't seem to save. The method below worked for me.

Double-click on each certificate with the custom setting (blue "+"), expand the section labled "trust". Change the "Secure Sockets Layer (SSL)" setting to "no value specified". Close window - you should be prompted for the password. Double-click on the certificate again, expand trust, change the "When using this certificate" setting to "Use System Defaults". Close window, and re-enter password.

If you didn't re-enter your password upon closing the window, the setting didn't take. The blue "+" should disappear after a few seconds when it's set back to default. Once all of the certificates are changed back to default, restart Safari.

This solved all of the problems for my wife's computer with these issues and OSX 10.7.4

This Explanation expanded on the solution

This worked for me. It's ingenious since there was some kind of bug with the 10.7.4 update and it caused certain certificates to change their trust values or not register them properly in Keychain Access. This method below has you change a certificate's trust value, save it, then change all the certificate's trust values back to default as it should be. This solved my problem and my father can use his banking websites on Safari again. However, it does take some time to enter and re-enter the admin password again and again for over 20 certificates. Good luck and thank you for the advice.

There you have it, an ugly infrastructure bug that impacts normal web operations in an annoying and trust reducing way. A few red herrings seen on the journey to resolution. For sure this is not full root cause but enough for most folks to get by. There are other similar looking error messages so please take care to ensure that what your seeing is the same if you expect the same solution to work for you.

Finally remember to capture a screen shot using Grab or similar. When working with technical support folks, showing what you see is far more compelling than a vague description of a half remembered message.

Friday, 8 June 2012

DIY is supposed to be straight forward and easy for the average chap to achieve. Swapping some outside lights is one of those tasks. The wiring is in place so a simple substitution should be possible. Not so simple if you get this product from Homebase.

This PIR (motion) activated low energy bulb fitting in a plastic casing. Sold at a reasonable £20. Included in the box are instructions ( Ref INS-OD0035-B) for the wiring, Neutral Earth and Live N, E, L.

Unfortunately not matched by the connections in the fitting that are L1, N, L with a separate Earthing post on the reflector. FAIL.

See that mention in the instructions of the two adjusters on the base of the unit, one for "Dusk" and the other for "Time". Nowhere on the device or in the referenced diagram 4 is there and indication of which adjuster is which. FAIL.

Come on Homebase these are schoolboy retail errors that should be caught well before product get on the shelf.

Wednesday, 6 June 2012

Inovation in everything is the driver of growth. Take a couple of items as simple as as a comb and brush.

The comb is a Ferminator de-shedding tool used to remove the excess hair from dogs and cats. We have a hairy dog and he sheds and moults and loses inch long back hairs at an amazing rate. We even have a house phrase "Everything tastes better with Griff hair in it." because they just get everywhere. The Ferminator, applied once or twice a week, removes large handfuls of hair each and every time. Griff still sheds hair just not so much of it gets in the house. Normal brushing has been tried, and sure he looks better afterwards, but for effective hair reduction this is the tool of choice.

The brush is a wire brush with the handle of a surface plane. Used for removing rust and flaky paint from all sorts of surfaces this brush really nails the function. Easy to hold and manoeuvre this brush is perfect for cleaning some decking planks this weekend.

The innovation here (which I admire) is to take a simple function, see how it's done now and improve it. Each tool has a patent number, lets hope that protection delivers value to the inventor that had the insight to make a new twist on the simple ideas of a brush and comb.

Tuesday, 22 May 2012

The internet abounds with legends, conspiracy stories and plain old hoaxes. I am happy to add to that body of knowledge with the strange tale behind why the Olympic torch went out in Great Torrington on Monday 22nd of May 2012.

Great Torrington is a town with a long history going back to well before the 13th Century. The towns most noticeable historical event was during the English civil war. The Royalist Cavaliers and Roundheads of Cromwell battled in February 1646 resulting in the defeat of the Cavaliers by the army of General Fairfax. Royalist prisoners were locked up in the church, that had also been in use as a power store. Due to a stray spark or flame the church burnt/exploded destroying the church and killing the 200 local prisoners.

Wind forward a few hundred years the sight of a government sponsored flame approaching the town with an army of 300 supporters and 30 vehicles may just have been too much for the sad old ghosts of Torrington.

The good news is that the current local society of Cavaliers are very much in control of most of the flames around Torrington. Holding bi-annual fundraising bonfire events that involve setting alight historical reconstructions such as life scale Nelsons Victory and in 2010 a huge castle complete with dragon the Cavaliers continue to assert individuality in a good cause.

If you can get the chance visit Torrington in North Devon do take the opportunity. Surrounded by 200 acres of common land and linked to the coast by the cycle friendly Tarka trail, Torrington is a great classic Devon town where legends live on.

Tuesday, 15 May 2012

Sometimes ideas just strike a cord. Often those ideas are things you kind of know and understand but the way they are described makes the concept resonate and appear as if for the first time. It's quite a gift to be able to present ideas in this way with clarity, precision without resorting to greeting card schmaltz.

One person currently blogging for Forbes that seems to capture this style is Jesica Hagy. She uses a simple business graph or diagram to really capture the essence of a philosophical idea. Here is one such graphic that completely captures the idea of how much burning passion is welcome on any subject you choose. Known as the "Goldilocks factor" you can apply this to religion, politics, recycling or even expressing keenness for the wonderful taste of Marmite.

Saturday, 21 April 2012

I have been working at he same large software house for about 14 years now. After moving away from desktop systems in the early '00 the PC policy has been to provide a laptop that is "refreshed" about every 3 years or so. Over the years I have had 2 Dells and most recently a Lenovo Thinkpad T61. The Thinkpad has been struggling under the weight of Windows Xp SP 3 with a full suite of system security and configuration management software. Windows Xp also suffers from progressive slowing down due to registry entry bloat and disk fragmentation. The system has been struggling with it's hard drive access with almost constant activity. An examination of the process involved show configuration management scans, Anti-virus scans, content index scans, System backups, and software updates. Just once in a while a stuck WinLogin processes nails a CPU core.

Finally a refresh system arrives and is a bit of a disappointment. The hardware has hardly moved on to an under specified Lenovo T410 and the system image is still Windows XP service pack 3. Maybe this is a procurement wrinkle but the system is already a year old (manufacture date 4/11), has only 2GB of memory and just 320 GD hard drive.

This is just not good enough, time to "Pimp my ride" even if it is just a company van. Luckily the Lenovo is easy to upgrade. First up is the memory, adding and extra 4GB to the 2GB already built in is a snap. Unlike some systems memory modules don't have to match so adding 4GB gives a very usable 6GB in total. One screw secures the memory slot cover on the back into which a SODIM memory unit can be clipped in.

As mentioned the previous system was bogged down with hard drive activity. There is a £110 solution that is revoluionising the hard drive market. SSD drive replacements delivers staggering performance in a laptop system. These plug compatible units replace mechanical storage with all electronics. Think large USB stick but with out the delays. Traditional hard drives have built in delays apparent with just about every read or write transaction. A typical disk read request sequence goes as follows, send read request specifying number of blocks at certain block offset, Hard drive moves head to select cylinder, Drive waits until disk platter rotates to required sector, read commences. The sectors pass under the head at different speeds resulting is a speed disparity between different parts of the hard drive. An SSD drive is all electronic so there is no delay between sequential blocks read wherever they are located in the drive. This no-seek time aspect makes SSD supremely fast in random read situations such as system boot and program load sequences. The speed of the connection between the drive and system can be fully utilised and sustained. The random read nature of system scans, backups, configuration checks are all in the sweet spots for SSDs.

SSDs are more expensive than regular hard drives even when taking into account the Thailand flood factor. About £1 per GB is normal. Having looked at the data on the current laptop I have about 60GB of documents and email. Remembering that that data has accumulated over 10 years at least a desk cleaning is in order. After pushing all the data to an external hard drive and calculating the size of just the last 2 years of material, it will all fit in 30GB. I went for a 120 GB SDD to allow for increased use of photos and multimedia in the future. This is a work laptop the photo, music and video collection live on another better endowed system. If more storage space is needed larger SSDs are available or the DVD drive can be replaced with a traditional drive in a special frame with an external DVD drive used.

The hardware install of the SSD was easy on the Lenovo T410. Just undo the disk drive bay cover screw, remove the cover and pull out the drive. Noting carefully the connector alignment, move the rubber edges over to the new SSD and insert back in the drive bay. Once in place the SSD is installed and used just like a traditional drive.

The extra memory just installed beyond 3.5 GB would not be utilised by Windows XP due to technical limitations so next up is upgrading to Windows 7 Enterprise. A fresh install is required with just transfer of documents and email storage. Avoiding the "Transfer all my documents and settings" gives a fresh start losing the past years of bookmark and program baggage. Windows 7 install was easy as work provided a properly engineered install image disk set. W7 has lots of useful features such as auto update and auto driver location and proves a much improved all round visual experience. Be sure to also follow the manufacturers update process to bring BIOS and drives up to date on a new(ish) machine.

Finally the last upgrade is to recycle the hard drive into an external drive enclosure with an eSata connector. eSata give much faster connectivity than USB 2 or 3. The Lenovo has an eSata port ready for use. Using this port as as the backup drive finally gives acceptable backup times,

All in all these updates memory, SSD, W7 and eSata backup makes a fast and more power efficient laptop experience. At a cost of about 10% of the new supply price I have 300% memory size and 300 % disk speed increase and 100 % less frustration.